Method and apparatus for generating privacy ratings for applications

ABSTRACT

An approach is provided for generating privacy ratings for applications. A privacy ratings platform determines use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The privacy ratings platform then processes and/or facilitates a processing of the use information to determine one or more privacy ratings for the one or more applications.

BACKGROUND

Service providers and device manufacturers (e.g., wireless, cellular, etc.) are continually challenged to deliver value and convenience to consumers by, for example, providing compelling network services and applications. As a result, there has been increasingly rapid growth in the number and variety of applications available to users. However, the growing popularity of applications has also made them popular targets for malicious attacks that can compromise the privacy of user data accessed by applications. Accordingly, users are becoming more interested in privacy related information about particular applications to help them decide whether they should use or otherwise trust such applications with their personal data. To meet this need, service providers and device manufacturers face significant technical challenges to ensuring that individual applications can be assigned privacy ratings that are accurate while also minimizing the burden on users when generating the ratings.

SOME EXAMPLE EMBODIMENTS

Therefore, there is a need for an approach for generating privacy ratings for applications.

According to one embodiment, a method comprises determining use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The method also comprises processing and/or facilitating a processing of the use information to determine one or more privacy ratings for the one or more applications.

According to another embodiment, an apparatus comprises at least one processor, and at least one memory including computer program code for one or more computer programs, the at least one memory and the computer program code configured to, with the at least one processor, cause, at least in part, the apparatus to determine use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The apparatus is also caused to process and/or facilitate a processing of the use information to determine one or more privacy ratings for the one or more applications.

According to another embodiment, a computer-readable storage medium carries one or more sequences of one or more instructions which, when executed by one or more processors, cause, at least in part, an apparatus to determine use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The apparatus is also caused to process and/or facilitate a processing of the use information to determine one or more privacy ratings for the one or more applications.

According to another embodiment, an apparatus comprises means for determining use information associated with one or more applications executing on one or more devices. By way of example, the use information is determined based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices. The apparatus also comprises means for processing and/or facilitating a processing of the use information to determine one or more privacy ratings for the one or more applications.

In addition, for various example embodiments of the invention, the following is applicable: a method comprising facilitating a processing of and/or processing (1) data and/or (2) information and/or (3) at least one signal, the (1) data and/or (2) information and/or (3) at least one signal based, at least in part, on (or derived at least in part from) any one or any combination of methods (or processes) disclosed in this application as relevant to any embodiment of the invention.

For various example embodiments of the invention, the following is also applicable: a method comprising facilitating access to at least one interface configured to allow access to at least one service, the at least one service configured to perform any one or any combination of network or service provider methods (or processes) disclosed in this application.

For various example embodiments of the invention, the following is also applicable: a method comprising facilitating creating and/or facilitating modifying (1) at least one device user interface element and/or (2) at least one device user interface functionality, the (1) at least one device user interface element and/or (2) at least one device user interface functionality based, at least in part, on data and/or information resulting from one or any combination of methods or processes disclosed in this application as relevant to any embodiment of the invention, and/or at least one signal resulting from one or any combination of methods (or processes) disclosed in this application as relevant to any embodiment of the invention.

For various example embodiments of the invention, the following is also applicable: a method comprising creating and/or modifying (1) at least one device user interface element and/or (2) at least one device user interface functionality, the (1) at least one device user interface element and/or (2) at least one device user interface functionality based at least in part on data and/or information resulting from one or any combination of methods (or processes) disclosed in this application as relevant to any embodiment of the invention, and/or at least one signal resulting from one or any combination of methods (or processes) disclosed in this application as relevant to any embodiment of the invention.

In various example embodiments, the methods (or processes) can be accomplished on the service provider side or on the mobile device side or in any shared way between service provider and mobile device with actions being performed on both sides.

For various example embodiments, the following is applicable: An apparatus comprising means for performing the method of any of originally filed claims 1-10, 21-30, and 46-48.

Still other aspects, features, and advantages of the invention are readily apparent from the following detailed description, simply by illustrating a number of particular embodiments and implementations, including the best mode contemplated for carrying out the invention. The invention is also capable of other and different embodiments, and its several details can be modified in various obvious respects, all without departing from the spirit and scope of the invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings:

FIG. 1 is a diagram of a system capable of generating privacy ratings for applications, according to one embodiment;

FIG. 2A is a diagram of the components of a privacy ratings platform, according to one embodiment;

FIG. 2B is a diagram depicting collection of use information associated with one or more applications, according to one embodiment;

FIG. 3 is a flowchart of a process for generating privacy ratings for applications, according to one embodiment;

FIG. 4 is a diagram of a rendering of privacy ratings for applications listed in an application store, according to one embodiment;

FIG. 5 is a diagram of a visualization of a privacy rating according to privacy impacts on input sources, components, categories of personal information, or a combination thereof associated with a device, according to one embodiment;

FIG. 6 is a diagram of hardware that can be used to implement an embodiment of the invention;

FIG. 7 is a diagram of a chip set that can be used to implement an embodiment of the invention; and

FIG. 8 is a diagram of a mobile terminal (e.g., handset) that can be used to implement an embodiment of the invention.

DESCRIPTION OF SOME EMBODIMENTS

Examples of a method, apparatus, and computer program for generating privacy ratings for applications are disclosed. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It is apparent, however, to one skilled in the art that the embodiments of the invention may be practiced without these specific details or with an equivalent arrangement. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the embodiments of the invention.

FIG. 1 is a diagram of a system capable of generating privacy ratings for applications, according to one embodiment. As discussed above, with growing privacy awareness among users, users are interested in learning about the privacy features of applications before deciding to install them on their devices (e.g., a mobile phone). In some cases, it is expected that privacy may become a differentiating feature that affects user acceptance of applications. It is further contemplated that privacy considerations may become as important a factor for application acceptance as other functional aspects of applications (e.g., performance, usability, etc.).

From the user's point of view, the problem is that there are no reliable sources to get privacy related information about applications. Traditionally, the application developer is often the most knowledgeable about an application's features, and in the ideal scenario, should provide comprehensive privacy related information about the application. However, it is often the case that there is not enough information to determine the trustworthiness of specific application developers. Service providers and device manufacturers (e.g., Nokia, Apple, Microsoft, etc.) have also tried to address the trust issue by implementing, for instance, a centralized certification mechanism where an application is reviewed for privacy/security issues before publishing the application to online application stores.

While this act is a deterrent to privacy abuses or attacks, it does not solve the problem because (1) there have been numerous instances where malicious applications have been able to bypass such centralized checks, and (2) users do not fully trust the service providers and device manufacturers to also provide unbiased ratings information. It is often the case that users are more likely to trust application reviews from their friends rather than from third parties (e.g., service providers and device manufacturers). Accordingly, for many users, crowdsourcing or peer comments regarding privacy/security ratings for applications may be preferred as a means for unbiased feedback. Unfortunately, such crowdsourcing ratings information is often not readily available, and whatever little information that is available may not be reliable enough.

To address this problem, a system 100 of FIG. 1 introduces a privacy ratings framework that computes privacy ratings in a crowdsourced fashion (e.g., using information from multiple devices or users) with minimum burden on the users. In one embodiment, the system 100 automatically collects application use information (e.g., information regarding what device resources, input, content, data, etc. are used by particular applications) to compute the privacy ratings so that users need not go through the burden of manually entering such information. For example, traditional ratings systems often require users to provide their input manually. However, users are generally reluctant to do things (e.g., provide manual ratings) without any incentive (e.g., financial incentive), or which do not give them immediate benefit. The system 100 overcomes this problem by collecting the data (e.g., application use information) required for conducting a privacy review in an automated fashion.

In some embodiments, the system 100 then presents the privacy ratings to users in a well quantifiable and understandable form (e.g., a simple rendering or visualization of the privacy ratings). For example, traditional free-text based reviews or ratings have been very popular. However, privacy as a concept is still in its infancy, and does not have a well understood vocabulary for users to express their privacy-related experiences with applications. This can prevent users from expressing their opinions in a way that can be universally and correctly understood by other users. To address this problem, the system 100 transforms application use information, privacy ratings, etc. using a well-defined privacy model into a privacy representation that can be understood by most users (e.g., a common visual representation).

In another embodiment, the system 100 can customize the privacy ratings for specific target devices based, for instance, on their respective environments, usage, context, etc. In yet another embodiment, the system 100 enables the privacy ratings to evolve over time as additional application use information is collected from user devices. For example, traditional crowdsourced reviews are typically one-time reviews which remain static once uploaded or published. To address this problem, the system 100 provides for automated collection of application use information and/or other privacy related data over time. This type of data collection enables, for instance, the system 100 to capture changes in application use over time that can, in turn, affect privacy ratings over time, thereby providing a more realistic picture of evolving application usage as it relates to privacy.

As shown in FIG. 1, the system 100 comprises a user equipment (UE) 101 (or UEs 101 a-101 n) having connectivity to a privacy ratings platform 103 via a communication network 105. The UEs 101 a-101 n may include or have access to respective privacy ratings clients 107 a-107 n (also collectively referred to as privacy ratings clients 107) which monitor and process privacy ratings information associated with respective applications 108 a-108 n (also collectively referred to as applications 108). In one embodiment, the privacy ratings clients 107 enable the UEs 101 to interact with the privacy ratings platform 103 to: (a) collect application use information; (b) process the use information to compute or generate privacy ratings for the applications 108; (c) continuously or periodically monitor the use information over time to update privacy ratings; (d) present understandable representations of the privacy ratings; (e) customize the privacy ratings to specific devices, environments, contexts, etc.; (f) process data collection policies to determine specifications specifying data to log for compliance with the data collection policies; (g) install the specifications at the data stores operating under the data collection policies to initiate logging of the data; (h) process the data for comparison against the data collection policies, the specifications, etc., to determine the compliance with the data collection policies; (i) generate notifications, reports, etc., with respect to the compliance with the data collection policies; or (j) perform other functions.

The privacy ratings platform 103 may include or have access to a policy database 109 to access or store policy information (e.g., data collection policies, privacy policies, etc.) associated with users, devices, applications, data stores, etc. The privacy ratings platform 103 may also include or have access to a log database 111 to access or store data logs associated with the collection of application use data, the data collection policies, the auditing specifications, etc. Collected application use information or content may be obtained or stored at data stores located at the policy database 109, the log database 111, a service platform 113, one or more services 115 (or services 115 a-115 k), one or more content providers 117 (or content providers 117 a-117 m), and/or other services and applications available over the communication network 105. It is noted that the privacy ratings platform 103 may be a separate entity of the system 100, a part of the one or more services 115 of the service platform 113, or included within the UE 101 (e.g., as part of the application 107).

By way of example, the communication network 105 of system 100 includes one or more networks such as a data network, a wireless network, a telephony network, or any combination thereof. It is contemplated that the data network may be any local area network (LAN), metropolitan area network (MAN), wide area network (WAN), a public data network (e.g., the Internet), short range wireless network, or any other suitable packet-switched network, such as a commercially owned, proprietary packet-switched network, e.g., a proprietary cable or fiber-optic network, and the like, or any combination thereof. In addition, the wireless network may be, for example, a cellular network and may employ various technologies including enhanced data rates for global evolution (EDGE), general packet radio service (GPRS), global system for mobile communications (GSM), Internet protocol multimedia subsystem (IMS), universal mobile telecommunications system (UMTS), etc., as well as any other suitable wireless medium, e.g., worldwide interoperability for microwave access (WiMAX), Long Term Evolution (LTE) networks, code division multiple access (CDMA), wideband code division multiple access (WCDMA), wireless fidelity (WiFi), wireless LAN (WLAN), Bluetooth®, Internet Protocol (IP) data casting, satellite, mobile ad-hoc network (MANET), and the like, or any combination thereof.

The UE 101 is any type of mobile terminal, fixed terminal, or portable terminal including a mobile handset, station, unit, device, multimedia computer, multimedia tablet, Internet node, communicator, desktop computer, laptop computer, notebook computer, netbook computer, tablet computer, personal communication system (PCS) device, personal navigation device, personal digital assistants (PDAs), audio/video player, digital camera/camcorder, positioning device, television receiver, radio broadcast receiver, electronic book device, game device, or any combination thereof, including the accessories and peripherals of these devices, or any combination thereof. It is also contemplated that the UE 101 can support any type of interface to the user (such as “wearable” circuitry, etc.).

In another embodiment, the application use information may be processed and compared against the one or more data collection policies and/or the one or more specifications to determine the compliance with the one or more data collection policies. By way of example, data related to the one or more operations performed on the one or more data stores by one or more applications, one or more services, one or more third parties, etc., may be compared against one or more policy-monitored operations to determine whether the one or more performed operations are in compliance. In one scenario, the data collection policies associated with a particular data store may forbid transfers of collected user-identifiable information to third parties. As such, the data collection policies may require removal of collected user-identifiable information from a subset of collected user data prior to the transfer of that subset to a third party. Accordingly, such data transfers to third parties may be monitored for user-identifiable information to determine compliance with the data collection policies. In one embodiment, the system 100 collects anonymized application use information that indicates application usage patterns without exposing identifying information associated with a UE 101 or a user of the UE 101.

In another embodiment, one or more notifications and/or one or more reports with respect to the compliance with the one or more data collection policies may be generated. In one use case, there may be various levels of treatment for different non-compliant operations. For example, transfers of user-identifiable information to third parties may be subject to a higher level of scrutiny, as compared with transfers of collected information that does not include any user-identifiable information. As such, a transfer of user-identifiable information to third parties (e.g., even transfers permitted by a high-level policy manager) may trigger a notification that includes information relating to the particular transfer to be generated and transmitted to all high-level policy managers. The information relating to the particular transfer may, for instance, include the policy officer who initiated the data transfer, the high-level policy manager who permitted the data transfer, the user-identification information included in the data transfer, the third party receiving the data transfer, etc. In one embodiment, the system 100 may use the compliance reports and/or notifications as a factor in computing the privacy ratings for a particular application. For example, multiple compliance violations may potentially lower an application's privacy rating.

In another embodiment, one or more contextual parameters associated with the application use information may be determined. The privacy ratings generated from the application use information may then be determined based on the one or more contextual parameters. By way of example, the one or more contextual parameters may include one or more temporal parameters, one or more location parameters, and/or one or more activity parameters. In one embodiment, the components used for collecting application use information from the UEs 101 may include a time-based mechanism to enable or disable logging based on the temporal parameters.

By way of example, the UE 101, the privacy ratings platform 103, the service platform 113, the services 115, and the content providers 117 communicate with each other and other components of the communication network 105 using well known, new or still developing protocols. In this context, a protocol includes a set of rules defining how the network nodes within the communication network 105 interact with each other based on information sent over the communication links. The protocols are effective at different layers of operation within each node, from generating and receiving physical signals of various types, to selecting a link for transferring those signals, to the format of information indicated by those signals, to identifying which software application executing on a computer system sends or receives the information. The conceptually different layers of protocols for exchanging information over a network are described in the Open Systems Interconnection (OSI) Reference Model.

Communications between the network nodes are typically effected by exchanging discrete packets of data. Each packet typically comprises (1) header information associated with a particular protocol, and (2) payload information that follows the header information and contains information that may be processed independently of that particular protocol. In some protocols, the packet includes (3) trailer information following the payload and indicating the end of the payload information. The header includes information such as the source of the packet, its destination, the length of the payload, and other properties used by the protocol. Often, the data in the payload for the particular protocol includes a header and payload for a different protocol associated with a different, higher layer of the OSI Reference Model. The header for a particular protocol typically indicates a type for the next protocol contained in its payload. The higher layer protocol is said to be encapsulated in the lower layer protocol. The headers included in a packet traversing multiple heterogeneous networks, such as the Internet, typically include a physical (layer 1) header, a data-link (layer 2) header, an internetwork (layer 3) header and a transport (layer 4) header, and various application (layer 5, layer 6 and layer 7) headers as defined by the OSI Reference Model.

FIG. 2A is a diagram of the components of a privacy ratings platform, according to one embodiment. FIG. 2A is described in combination with FIG. 2B which is a diagram depicting collection of use information associated with one or more applications, according to one embodiment. In this example, FIG. 2A depicts an architecture for automated crowdsourced privacy rating.

As shown, the privacy ratings platform 103 has connectivity to UEs 101 a, 101 b, and 101 n which include respective privacy ratings clients 107 a-107 c. By way of example, the privacy ratings clients 107 include one or more components for generating and/or facilitating the generation of privacy ratings for applications. In one embodiment, the privacy ratings clients 107 a-107 c include respective data collection modules 201 a-201 c (also collectively referred to as data collection modules 201).

By way of example, the data collection modules 201 are responsible for collecting application use information and related data to support generation of privacy ratings. The application use information includes, for instance, application data that corresponds to usage data of the various input sources, components, categories of personal information, etc. available on the UEs 101. These sources, components, categories of personal information, etc. include, for instance, sensors (e.g., location sensors, accelerometers, gyroscopes, etc.), microphones, cameras, file systems, contact information, calendar information, among others. Such sources are usually accessed by middleware frameworks (e.g., Qt Mobility application programming interfaces (APIs)) by the applications. In one embodiment, the data collection module 201 inserts logging code into privacy sensitive middleware frameworks which log the application details each time a source is read (see description with respect to FIG. 2B). Logged details may include, for instance, timestamps, input source type, name of application accessing the source data, etc.

In another embodiment, in addition to sensor/source/category/etc. usage data, the user may also set policies (e.g., privacy and/or security policies) regulating the use of a UE 101's resources by the applications. In this case, the data collection module 201 may determine compliance information for the respective applications by checking whether the applications comply with or violate any of the policies. The compliance information may then be used as a factor in computing privacy ratings for the applications (e.g., decrease privacy ratings for violations and/or increase privacy ratings for compliance).

In one embodiment, the data collection module 201 stores the application use information (e.g., logged data usage) locally at the UE 101 and uploads the application use information to the privacy ratings platform 103 for processing. In some embodiments, the data collection module 201 can encrypt the application use data for security reasons. As noted above, the application use data also contains information about the application behavior with respect to any set policies, particularly if any violations of those policies are determined. In one embodiment, the application use information is anonymized and does not contain any actual user data (e.g., the source data itself). In other words, the application use information indicates, for instance, what data or resources are accessed but not the data itself. In this way, the application use information is already “privacy safe” and anonymous.

FIG. 2B is a diagram representing applications 108 a and 108 b executing at a UE 101 along with example device resources that the applications 108 a and 108 b may access. In this example, the resources include sensors 223, file system 225, contacts 227, camera 229, and microphone 231. FIG. 2B shows that application 108 a has accessed the sensors 223 and the application 108 b has accessed the camera 229. Accordingly, the data collection module 201 created logs 221 (e.g., encrypted logs) to record the respective accesses by the applications 108 a and 108 b. The encrypted logs 221 comprise, at least in part, the application use information collected by the data collection module 201.

Returning to FIG. 2A, the data collection modules 201 of the UEs 101 transmit their respective application use information to the privacy ratings platform 103. The privacy ratings platform 103 includes one or more components for processing the application use information received from the data collection modules 201 to generate or compute cumulative privacy ratings for the applications. In one embodiment, the transformation module 203 of the privacy ratings platform 103 processes the application use information to transform the information based, at least in part, on one or more user privacy metrics (e.g., the personal information or categories of personal information that can be inferred from the collected application use information). By way of example, personal information or categories of personal information can include user location, social connections, context, etc.

In one embodiment, the transformation is performed based, at least in part, on one or more profiling algorithms. One example algorithm may, for instance, process the number of accesses of input sources S1 and S2 with frequencies f1 and f2 to review a particular context C of the user. By way of example, the transformation module 203 may use a matrix that maps what personal information (e.g., Personal, Professional, Context, Social Connections, Location, Medical, Financial, etc.) can be inferred based on which sensors, information sources, input sources, etc. are accessed by a particular application. Note that each personal information category can include several sub-categories. For example, the Context personal information category may include as sub-categories: Transportation means, Activity, Mood, etc. An example list of sensors, data sources, and input sources includes, but is not limited to: GPS, WiFi, BT, Cell ID, Call logs, SMS, Audio, Accelerometer, Address book, Calendar, Picture, Music, IMEI, IMSI, Device profile, Ring type, Battery (charge) level and Charging indicator. Accordingly, to infer a particular personal information category, the transformation module 203 can use the matrix to match the accessed sensors, data sources, input sources, etc. and determine the corresponding inferred personal information category listed in the matrix.

More specifically, in one embodiment, data from various sensors indicated in the application use information can be combined to infer personal information, using algorithms that can be simple (e.g., instant location), or have more complex access patterns (e.g., “Sensors S1 and S2 need to be accessed with frequencies f1 and f2 within time periods t1 and t2 to infer a context C.”).

In one embodiment, the privacy ratings platform 103 may generate individual privacy ratings for each of the privacy metrics. In other embodiments, the aggregation module 205 may combine the individual ratings for each privacy metric into a cumulative overall privacy rating for each of the applications. It is contemplated that the aggregation module 205 may use any process, method, algorithm, etc. to combine the individual privacy ratings. For example, each metric (e.g., user location, social connections, etc.) may be assigned a different weighting factor and the aggregation of the individual ratings for each metric may be performed according to the weighting factors.
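
The matrix lookup, the access-pattern rule and the weighted aggregation described above can be sketched as follows; this is an added Python example, not code from the patent. The matrix entries, the pattern thresholds, the weighting factors, the saturation constant, the scoring formula and the log records are all constructed assumptions, and the output is an exposure score in [0, 1] where higher means more privacy risk.

```python
from collections import defaultdict

# Assumed matrix (constructed subset): input source -> personal information
# categories that access to that source can reveal.
INFERENCE_MATRIX = {
    "GPS": {"Location"},
    "WiFi": {"Location"},
    "Cell ID": {"Location"},
    "Address book": {"Social Connections"},
    "Call logs": {"Social Connections"},
    "Calendar": {"Professional"},
}

# Assumed rule of the form "S1 and S2 accessed with frequencies f1 and f2
# within a time period infer context C" (thresholds are constructed).
PATTERN_RULES = [
    {"category": "Context", "needs": {"GPS": 2, "Accelerometer": 3}, "window_s": 300},
]

# Assumed weighting factor per privacy metric, and the per-device access count
# at which a category is treated as fully exposed.
WEIGHTS = {"Location": 0.4, "Social Connections": 0.3, "Context": 0.2, "Professional": 0.1}
SATURATION = 10

# Constructed anonymized log records: (device id, timestamp in s, source, app).
# They record which source was read, never the data that was read.
SAMPLE_LOGS = (
    [("d1", t, "GPS", "MapsLite") for t in (0, 60, 120, 180, 240)]
    + [("d1", t, "Accelerometer", "MapsLite") for t in (10, 70, 130)]
    + [("d2", 0, "GPS", "MapsLite"), ("d2", 1000, "GPS", "MapsLite"),
       ("d2", 5000, "Accelerometer", "MapsLite"), ("d2", 20, "Address book", "MapsLite"),
       ("d1", 50, "Calendar", "Notes")]
)


def pattern_matches(records, rule):
    """True if every source in rule['needs'] reaches its minimum count in one window."""
    events = sorted((ts, src) for ts, src in records if src in rule["needs"])
    for i, (start, _) in enumerate(events):
        counts = defaultdict(int)
        for ts, src in events[i:]:
            if ts - start > rule["window_s"]:
                break
            counts[src] += 1
        if all(counts[s] >= n for s, n in rule["needs"].items()):
            return True
    return False


def device_scores(records):
    """Per-category exposure in [0, 1] for one app on one device.

    Every logged access is counted as if it succeeded with full accuracy,
    because the logs carry no information about the data actually returned.
    """
    counts = defaultdict(int)
    for _, src in records:
        for category in INFERENCE_MATRIX.get(src, ()):
            counts[category] += 1
    scores = {c: min(1.0, n / SATURATION) for c, n in counts.items()}
    for rule in PATTERN_RULES:
        if pattern_matches(records, rule):
            scores[rule["category"]] = 1.0
    return scores


def rate_apps(logs):
    """Crowdsourced rating: average each metric over devices, then weight and sum."""
    per_app = defaultdict(lambda: defaultdict(list))
    for device, ts, src, app in logs:
        per_app[app][device].append((ts, src))
    ratings = {}
    for app, devices in per_app.items():
        per_device = [device_scores(recs) for recs in devices.values()]
        metrics = {c: sum(s.get(c, 0.0) for s in per_device) / len(per_device)
                   for c in WEIGHTS}
        cumulative = sum(WEIGHTS[c] * metrics[c] for c in WEIGHTS) / sum(WEIGHTS.values())
        ratings[app] = {"metrics": metrics, "cumulative": cumulative}
    return ratings


if __name__ == "__main__":
    for app, rating in rate_apps(SAMPLE_LOGS).items():
        print(app, rating)
```

Because the per-metric averages are taken over all reporting devices, re-running `rate_apps` as new logs arrive updates the rating without any manual user input.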

In one embodiment, the data collection modules 201 are collecting and/or uploading the application use information to the privacy ratings platform 103 continuously or periodically over one or more periods of time. Accordingly, the privacy ratings platform 103 can also update the computed privacy ratings for the applications at least substantially continuously or periodically.

In one embodiment, the privacy ratings computed above represent, for instance, the privacy risks as would be experienced by users in general. In other words, the ratings are based on cumulative application use information (e.g., application access patterns), and may not necessarily represent the actual risks as would be experienced by a specific user having specific characteristics (e.g., device characteristics, data characteristics, application characteristics, environmental characteristics, etc.).

For instance, consider the location-based scenario described herein. Let application A access user U's location with frequency f. This information is logged and provided to the privacy ratings platform 103 which computes its privacy rating for A based on this and similar data received from other users. The privacy ratings platform 103 implicitly assumes that A actually received the location information it asked for with a certain accuracy. In reality, A may have received U's location information with very low accuracy, considerably reducing the privacy risks posed by A. This may be due to U's current location where, for instance, (1) GPS is not available, (2) high accuracy sensors are not supported by U's phone model, (3) etc.

Given this scenario, the privacy ratings computed by the privacy ratings platform 103 can be considered the worst case scenario where the privacy ratings platform 103 assumes that all access requests succeeded with the highest possible accuracy. It is contemplated that other normalization models are also possible. In one embodiment, the data collection module 201 does not provide this type of information (e.g., “accuracy of received data”) to the privacy ratings platform 103 because accuracy information can also be considered as private information (e.g., can reveal information about the user's environment, financial status, etc.).

To overcome this limitation, the system 100 can implement a distributed framework whereby one or more functions of the privacy ratings platform 103 can be performed locally at the privacy ratings clients 107 (e.g., via the privacy scaling modules 207a-207c). Under this distributed framework, the data collection module 201 works as before, logging and providing “privacy-safe” application use information to the privacy ratings platform 103. The privacy ratings platform 103 then computes the generic privacy ratings as before utilizing the transformation module 203 and the aggregation module 205. In one embodiment, the privacy scaling modules 207a-207c, in addition to storing data about access requests made by an application (e.g., as stored by the data collection module 201), also maintain metadata about the corresponding responses to the access requests. By way of example, the response metadata consists of parameters (e.g., accuracy, input sensor, etc.) used while computing the returned value or response to the access request. This in turn determines the quality of the actual data received by the application, and hence the risk posed by that application. Based on this data, the privacy scaling modules 207a-207c, on retrieving the generic privacy rating of an application (e.g., from an application store), apply a scaling function to customize the rating specific to the user environment and/or characteristics of the device, environment, application, data, etc. before displaying the application's privacy ratings to the user.
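The client-side scaling step described above can be sketched as follows. This is an added example, not code from the patent: the inverse-accuracy quality factor, the 10 m "best accuracy" constant, the record layout and the sample responses are constructed assumptions. The response metadata never leaves the device; only the generic rating is fetched.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed accuracy (in metres) that the generic worst-case rating presumes.
BEST_ACCURACY_M = 10.0


@dataclass(frozen=True)
class ResponseMeta:
    """Locally stored metadata about one response to an access request."""
    category: str                 # personal-information category concerned
    delivered: bool               # did the request return any data?
    accuracy_m: Optional[float]   # reported accuracy radius; None if unknown
    sensor: str = "unknown"       # input sensor used to compute the response


def quality(meta, best_accuracy_m=BEST_ACCURACY_M):
    """Quality of the data the application really received, in [0, 1]."""
    if not meta.delivered:
        return 0.0
    if meta.accuracy_m is None or meta.accuracy_m <= 0:
        # Unknown accuracy: keep the platform's worst-case assumption.
        return 1.0
    return min(1.0, best_accuracy_m / meta.accuracy_m)


def scale_ratings(generic, responses):
    """Scale generic per-category ratings by the mean quality of the
    responses observed on this device. Categories with no local
    observations keep the generic (worst-case) rating."""
    by_category = {}
    for meta in responses:
        by_category.setdefault(meta.category, []).append(quality(meta))
    scaled = {}
    for category, rating in generic.items():
        observed = by_category.get(category)
        factor = sum(observed) / len(observed) if observed else 1.0
        scaled[category] = rating * factor
    return scaled


# Constructed sample: generic ratings as retrieved from an application store,
# and four location responses recorded on a device with poor GPS coverage.
GENERIC = {"Location": 0.8, "Social Connections": 0.5}
LOCAL_RESPONSES = [
    ResponseMeta("Location", True, 10.0, "GPS"),
    ResponseMeta("Location", True, 1000.0, "Cell ID"),
    ResponseMeta("Location", False, None, "GPS"),
    ResponseMeta("Location", True, 40.0, "WiFi"),
]

if __name__ == "__main__":
    print(scale_ratings(GENERIC, LOCAL_RESPONSES))
```

Because every quality factor is at most 1, a scaled rating never exceeds the generic one, which matches the worst-case reading of the platform's rating.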

FIG. 3 is a flowchart of a process for generating auditing specifications, according to one embodiment. In one embodiment, the privacy ratings platform 103 performs the process 300 and is implemented in, for instance, a chip set including a processor and a memory as shown in FIG. 7. In addition or alternatively, the privacy ratings client 107 may perform all or a portion of the process 300.

In step 301, the privacy ratings platform 103 determines use information associated with one or more applications executing on one or more devices. In one embodiment, the privacy ratings platform 103 determines the use information based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices (step 303). By way of example, the use information includes, at least in part, one or more data access requests, one or more responses to the one or more data access requests, metadata associated with the one or more responses, or a combination thereof.

In step 305, the privacy ratings platform 103 processes and/or facilitates a processing of the use information to determine one or more privacy ratings for the one or more applications. In one embodiment, the privacy ratings platform 103 causes, at least in part, a segmentation of the use information according to one or more contexts (step 307). In this way, the privacy ratings platform 103 can determine the one or more privacy ratings with respect to the one or more contexts. In other words, the privacy ratings platform 103 may determine multiple privacy ratings for each context for each application. In one embodiment, the context includes or is based, at least in part, on one or more of the privacy metrics described above.

In another embodiment, the privacy ratings platform 103 determines compliance information for the one or more applications based, at least in part, on one or more privacy policies or other data access policies associated with the one or more devices (step 309). The privacy ratings platform 103 then determines the one or more privacy ratings based further on, at least in part, the compliance information. As described above, the compliance information may include information indicating compliance and/or violations with the one or more policies operating at a particular device.

In one embodiment, the privacy ratings platform 103 determines the use information over one or more periods of time (step 311). This determination can be performed, for instance, continuously, substantially continuously, periodically, according to a schedule, etc. The privacy ratings platform 103 then uses the use information collected over time to cause, at least in part, an updating of the one or more privacy ratings over the one or more periods of time (step 313).

Once the privacy ratings are generated or computed, the privacy ratings platform 103 can determine to generate at least one visual representation of the one or more privacy ratings (step 315). In one embodiment, the representations may be presented when accessing an application store that lists the applications associated with the determined privacy ratings. In another embodiment, the privacy ratings platform 103 causes, at least in part, a visualization of the one or more privacy ratings that indicates, at least in part, one or more privacy impacts associated with the one or more input sources, the one or more components, the one or more categories of personal information, or a combination thereof. In yet another embodiment, the privacy ratings platform 103 can also cause, at least in part, a grouping of the one or more applications based, at least in part, on the one or more privacy ratings. In this way, the user can access applications with similar privacy ratings more easily.

In some embodiments, the privacy ratings platform 103 can customize the privacy ratings for specific devices. More specifically, the privacy ratings platform 103 processes and/or facilitates a processing of one or more characteristics of (a) at least one target device, (b) one or more environments in which the at least one target device operates, (c) the use information, or (d) a combination thereof to cause, at least in part, a scaling of the one or more privacy ratings for the at least one target device (step 317). The scaled privacy ratings can then be presented at the target device in place of the generic privacy ratings.

FIG. 4 is a diagram of a rendering of privacy ratings for applications listed in an application store, according to one embodiment. FIG. 4 is described in conjunction with FIG. 5 which depicts a diagram of a visualization of a privacy rating according to privacy impacts on input sources, components, categories of personal information, or a combination thereof associated with a device, according to one embodiment. As shown in FIG. 4, the privacy ratings 401 computed by the privacy ratings platform 103 are displayed with other application related information 403 (e.g., quality ratings) for each application (e.g., applications 405a-405f) in an application store. In one embodiment (as shown in FIG. 5), the visual representation of a privacy rating is a circle graph 500 that is divided into equal sectors corresponding to the different categories of personal information (e.g., sector 501a for “Personal Interests”, sector 501b for “Social Graph”, sector 501c for “Social Physical Interaction”, sector 501d for “Activity”, sector 501e for “Location History”, and sector 501f for “Contexts”).

In one embodiment, the percentage that each sector is shaded represents a probability of that type of personal information being inferred based on the usage pattern demonstrated by a particular application. In some embodiments, the user has the option of zooming into a specific sector of the graph to get more detailed information (e.g., privacy ratings for sub-categories, examples of the use information used to calculate the rating, etc.) corresponding to that personal information category. It is contemplated that any type of representation or visualization may be used to convey the privacy ratings and related information.

In one embodiment, the extent or presence of a shaded portion does not necessarily indicate that an application is malicious. Some applications, depending on their functionality, may actually need a more “privacy intrusive” usage pattern (e.g., to fulfill their functionality). So the displayed privacy ratings for the application should, in some embodiments, provide this information as well to the user. One option is for the privacy ratings platform 103 to compute a weighted privacy rating taking into account the “allowed” usage of an application (e.g., usage required by the application to fulfill its functionality). Such allowed usage for an application can be computed, for instance, as an average of the usage demonstrated by similar applications and/or applications belonging to the same category. The allowed usage of an application can also be displayed using a separate representation (e.g., color, shading, etc.) in the privacy ratings graph 500 of an application in the application store.
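As an added illustration (not code from the patent), the "allowed" usage baseline can be computed as the average rating of the other applications in the same store category, and each sector of the rating graph can then be split into a portion within the allowed usage and a portion in excess of it. The leave-one-out averaging, the record layout and the sample store are constructed assumptions.

```python
from statistics import mean

# Constructed sample store: per-category privacy ratings in [0, 1].
STORE = [
    {"name": "NavA", "store_category": "Navigation",
     "ratings": {"Location": 0.9, "Social Connections": 0.1}},
    {"name": "NavB", "store_category": "Navigation",
     "ratings": {"Location": 0.8, "Social Connections": 0.0}},
    {"name": "NavC", "store_category": "Navigation",
     "ratings": {"Location": 0.85, "Social Connections": 0.6}},
    {"name": "Torch", "store_category": "Utilities",
     "ratings": {"Location": 0.3}},
]


def allowed_usage(store, app_name):
    """Allowed usage per personal-information category: the mean rating of
    the other applications in the same store category (leave-one-out, so an
    application cannot raise its own baseline)."""
    app = next(a for a in store if a["name"] == app_name)
    peers = [
        a for a in store
        if a["store_category"] == app["store_category"] and a["name"] != app_name
    ]
    if not peers:
        # No comparable applications: treat no usage as allowed.
        return {cat: 0.0 for cat in app["ratings"]}
    return {
        cat: mean(p["ratings"].get(cat, 0.0) for p in peers)
        for cat in app["ratings"]
    }


def split_sectors(store, app_name):
    """For each sector return (within_allowed, excess), the two portions
    that could be drawn with different shading in the ratings graph."""
    app = next(a for a in store if a["name"] == app_name)
    allowed = allowed_usage(store, app_name)
    return {
        cat: (min(rating, allowed[cat]), max(0.0, rating - allowed[cat]))
        for cat, rating in app["ratings"].items()
    }


if __name__ == "__main__":
    for name in ("NavC", "Torch"):
        print(name, split_sectors(STORE, name))
```

For NavC the Location sector sits entirely within what its navigation peers use, while most of its Social Connections sector is excess.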

In another embodiment, the allowed usage information of the application, together with policies used by other users (including the application behavior with respect to compliance and/or violations of those policies) can be used to define default usage policies for new users.

The processes described herein for generating privacy ratings for applications may be advantageously implemented via software, hardware, firmware or a combination of software and/or firmware and/or hardware. For example, the processes described herein, may be advantageously implemented via processor(s), Digital Signal Processing (DSP) chip, an Application Specific Integrated Circuit (ASIC), Field Programmable Gate Arrays (FPGAs), etc. Such exemplary hardware for performing the described functions is detailed below.

FIG. 6 illustrates a computer system 600 upon which an embodiment of the invention may be implemented. Although computer system 600 is depicted with respect to a particular device or equipment, it is contemplated that other devices or equipment (e.g., network elements, servers, etc.) within FIG. 6 can deploy the illustrated hardware and components of system 600. Computer system 600 is programmed (e.g., via computer program code or instructions) to generate privacy ratings for applications as described herein and includes a communication mechanism such as a bus 610 for passing information between other internal and external components of the computer system 600. Information (also called data) is represented as a physical expression of a measurable phenomenon, typically electric voltages, but including, in other embodiments, such phenomena as magnetic, electromagnetic, pressure, chemical, biological, molecular, atomic, sub-atomic and quantum interactions. For example, north and south magnetic fields, or a zero and non-zero electric voltage, represent two states (0, 1) of a binary digit (bit). Other phenomena can represent digits of a higher base. A superposition of multiple simultaneous quantum states before measurement represents a quantum bit (qubit). A sequence of one or more digits constitutes digital data that is used to represent a number or code for a character. In some embodiments, information called analog data is represented by a near continuum of measurable values within a particular range. Computer system 600, or a portion thereof, constitutes a means for performing one or more steps of generating privacy ratings for applications.

A bus 610 includes one or more parallel conductors of information so that information is transferred quickly among devices coupled to the bus 610. One or more processors 602 for processing information are coupled with the bus 610.

A processor (or multiple processors) 602 performs a set of operations on information as specified by computer program code related to generating privacy ratings for applications. The computer program code is a set of instructions or statements providing instructions for the operation of the processor and/or the computer system to perform specified functions. The code, for example, may be written in a computer programming language that is compiled into a native instruction set of the processor. The code may also be written directly using the native instruction set (e.g., machine language). The set of operations include bringing information in from the bus 610 and placing information on the bus 610. The set of operations also typically include comparing two or more units of information, shifting positions of units of information, and combining two or more units of information, such as by addition or multiplication or logical operations like OR, exclusive OR (XOR), and AND. Each operation of the set of operations that can be performed by the processor is represented to the processor by information called instructions, such as an operation code of one or more digits. A sequence of operations to be executed by the processor 602, such as a sequence of operation codes, constitute processor instructions, also called computer system instructions or, simply, computer instructions. Processors may be implemented as mechanical, electrical, magnetic, optical, chemical or quantum components, among others, alone or in combination.

Computer system 600 also includes a memory 604 coupled to bus 610. The memory 604, such as a random access memory (RAM) or any other dynamic storage device, stores information including processor instructions for generating privacy ratings for applications. Dynamic memory allows information stored therein to be changed by the computer system 600. RAM allows a unit of information stored at a location called a memory address to be stored and retrieved independently of information at neighboring addresses. The memory 604 is also used by the processor 602 to store temporary values during execution of processor instructions. The computer system 600 also includes a read only memory (ROM) 606 or any other static storage device coupled to the bus 610 for storing static information, including instructions, that is not changed by the computer system 600. Some memory is composed of volatile storage that loses the information stored thereon when power is lost. Also coupled to bus 610 is a non-volatile (persistent) storage device 608, such as a magnetic disk, optical disk or flash card, for storing information, including instructions, that persists even when the computer system 600 is turned off or otherwise loses power.

Information, including instructions for generating privacy ratings for applications, is provided to the bus 610 for use by the processor from an external input device 612, such as a keyboard containing alphanumeric keys operated by a human user, a microphone, an Infrared (IR) remote control, a joystick, a game pad, a stylus pen, a touch screen, or a sensor. A sensor detects conditions in its vicinity and transforms those detections into physical expression compatible with the measurable phenomenon used to represent information in computer system 600. Other external devices coupled to bus 610, used primarily for interacting with humans, include a display device 614, such as a cathode ray tube (CRT), a liquid crystal display (LCD), a light emitting diode (LED) display, an organic LED (OLED) display, a plasma screen, or a printer for presenting text or images, and a pointing device 616, such as a mouse, a trackball, cursor direction keys, or a motion sensor, for controlling a position of a small cursor image presented on the display 614 and issuing commands associated with graphical elements presented on the display 614. In some embodiments, for example, in embodiments in which the computer system 600 performs all functions automatically without human input, one or more of external input device 612, display device 614 and pointing device 616 is omitted.

In the illustrated embodiment, special purpose hardware, such as an application specific integrated circuit (ASIC) 620, is coupled to bus 610. The special purpose hardware is configured to perform operations not performed by processor 602 quickly enough for special purposes. Examples of ASICs include graphics accelerator cards for generating images for display 614, cryptographic boards for encrypting and decrypting messages sent over a network, speech recognition, and interfaces to special external devices, such as robotic arms and medical scanning equipment that repeatedly perform some complex sequence of operations that are more efficiently implemented in hardware.

Computer system 600 also includes one or more instances of a communications interface 670 coupled to bus 610. Communication interface 670 provides a one-way or two-way communication coupling to a variety of external devices that operate with their own processors, such as printers, scanners and external disks. In general the coupling is with a network link 678 that is connected to a local network 680 to which a variety of external devices with their own processors are connected. For example, communication interface 670 may be a parallel port or a serial port or a universal serial bus (USB) port on a personal computer. In some embodiments, communications interface 670 is an integrated services digital network (ISDN) card or a digital subscriber line (DSL) card or a telephone modem that provides an information communication connection to a corresponding type of telephone line. In some embodiments, a communication interface 670 is a cable modem that converts signals on bus 610 into signals for a communication connection over a coaxial cable or into optical signals for a communication connection over a fiber optic cable. As another example, communications interface 670 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN, such as Ethernet. Wireless links may also be implemented. For wireless links, the communications interface 670 sends or receives or both sends and receives electrical, acoustic or electromagnetic signals, including infrared and optical signals, that carry information streams, such as digital data. For example, in wireless handheld devices, such as mobile telephones like cell phones, the communications interface 670 includes a radio band electromagnetic transmitter and receiver called a radio transceiver. In certain embodiments, the communications interface 670 enables connection to the communication network 105 for generating privacy ratings for applications.

The term “computer-readable medium” as used herein refers to any medium that participates in providing information to processor 602, including instructions for execution. Such a medium may take many forms, including, but not limited to computer-readable storage medium (e.g., non-volatile media, volatile media), and transmission media. Non-transitory media, such as non-volatile media, include, for example, optical or magnetic disks, such as storage device 608. Volatile media include, for example, dynamic memory 604. Transmission media include, for example, twisted pair cables, coaxial cables, copper wire, fiber optic cables, and carrier waves that travel through space without wires or cables, such as acoustic waves and electromagnetic waves, including radio, optical and infrared waves. Signals include man-made transient variations in amplitude, frequency, phase, polarization or other physical properties transmitted through the transmission media. Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM, CDRW, DVD, any other optical medium, punch cards, paper tape, optical mark sheets, any other physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, an EEPROM, a flash memory, any other memory chip or cartridge, a carrier wave, or any other medium from which a computer can read. The term computer-readable storage medium is used herein to refer to any computer-readable medium except transmission media.

Logic encoded in one or more tangible media includes one or both of processor instructions on a computer-readable storage media and special purpose hardware, such as ASIC 620.

Network link 678 typically provides information communication using transmission media through one or more networks to other devices that use or process the information. For example, network link 678 may provide a connection through local network 680 to a host computer 682 or to equipment 684 operated by an Internet Service Provider (ISP). ISP equipment 684 in turn provides data communication services through the public, world-wide packet-switching communication network of networks now commonly referred to as the Internet 690.

A computer called a server host 692 connected to the Internet hosts a process that provides a service in response to information received over the Internet. For example, server host 692 hosts a process that provides information representing video data for presentation at display 614. It is contemplated that the components of system 600 can be deployed in various configurations within other computer systems, e.g., host 682 and server 692.

At least some embodiments of the invention are related to the use of computer system 600 for implementing some or all of the techniques described herein. According to one embodiment of the invention, those techniques are performed by computer system 600 in response to processor 602 executing one or more sequences of one or more processor instructions contained in memory 604. Such instructions, also called computer instructions, software and program code, may be read into memory 604 from another computer-readable medium such as storage device 608 or network link 678. Execution of the sequences of instructions contained in memory 604 causes processor 602 to perform one or more of the method steps described herein. In alternative embodiments, hardware, such as ASIC 620, may be used in place of or in combination with software to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware and software, unless otherwise explicitly stated herein.

The signals transmitted over network link 678 and other networks through communications interface 670, carry information to and from computer system 600. Computer system 600 can send and receive information, including program code, through the networks 680, 690 among others, through network link 678 and communications interface 670. In an example using the Internet 690, a server host 692 transmits program code for a particular application, requested by a message sent from computer 600, through Internet 690, ISP equipment 684, local network 680 and communications interface 670. The received code may be executed by processor 602 as it is received, or may be stored in memory 604 or in storage device 608 or any other non-volatile storage for later execution, or both. In this manner, computer system 600 may obtain application program code in the form of signals on a carrier wave.

Various forms of computer readable media may be involved in carrying one or more sequence of instructions or data or both to processor 602 for execution. For example, instructions and data may initially be carried on a magnetic disk of a remote computer such as host 682. The remote computer loads the instructions and data into its dynamic memory and sends the instructions and data over a telephone line using a modem. A modem local to the computer system 600 receives the instructions and data on a telephone line and uses an infra-red transmitter to convert the instructions and data to a signal on an infra-red carrier wave serving as the network link 678. An infrared detector serving as communications interface 670 receives the instructions and data carried in the infrared signal and places information representing the instructions and data onto bus 610. Bus 610 carries the information to memory 604 from which processor 602 retrieves and executes the instructions using some of the data sent with the instructions. The instructions and data received in memory 604 may optionally be stored on storage device 608, either before or after execution by the processor 602.

FIG. 7 illustrates a chip set or chip 700 upon which an embodiment of the invention may be implemented. Chip set 700 is programmed to generate privacy ratings for applications as described herein and includes, for instance, the processor and memory components described with respect to FIG. 6 incorporated in one or more physical packages (e.g., chips). By way of example, a physical package includes an arrangement of one or more materials, components, and/or wires on a structural assembly (e.g., a baseboard) to provide one or more characteristics such as physical strength, conservation of size, and/or limitation of electrical interaction. It is contemplated that in certain embodiments the chip set 700 can be implemented in a single chip. It is further contemplated that in certain embodiments the chip set or chip 700 can be implemented as a single “system on a chip.” It is further contemplated that in certain embodiments a separate ASIC would not be used, for example, and that all relevant functions as disclosed herein would be performed by a processor or processors. Chip set or chip 700, or a portion thereof, constitutes a means for performing one or more steps of providing user interface navigation information associated with the availability of functions. Chip set or chip 700, or a portion thereof, constitutes a means for performing one or more steps of generating privacy ratings for applications.

In one embodiment, the chip set or chip 700 includes a communication mechanism such as a bus 701 for passing information among the components of the chip set 700. A processor 703 has connectivity to the bus 701 to execute instructions and process information stored in, for example, a memory 705. The processor 703 may include one or more processing cores with each core configured to perform independently. A multi-core processor enables multiprocessing within a single physical package. Examples of a multi-core processor include two, four, eight, or greater numbers of processing cores. Alternatively or in addition, the processor 703 may include one or more microprocessors configured in tandem via the bus 701 to enable independent execution of instructions, pipelining, and multithreading. The processor 703 may also be accompanied with one or more specialized components to perform certain processing functions and tasks such as one or more digital signal processors (DSP) 707, or one or more application-specific integrated circuits (ASIC) 709. A DSP 707 typically is configured to process real-world signals (e.g., sound) in real time independently of the processor 703. Similarly, an ASIC 709 can be configured to perform specialized functions not easily performed by a more general purpose processor. Other specialized components to aid in performing the inventive functions described herein may include one or more field programmable gate arrays (FPGA), one or more controllers, or one or more other special-purpose computer chips.

In one embodiment, the chip set or chip 700 includes merely one or more processors and some software and/or firmware supporting and/or relating to and/or for the one or more processors.

The processor 703 and accompanying components have connectivity to the memory 705 via the bus 701. The memory 705 includes both dynamic memory (e.g., RAM, magnetic disk, writable optical disk, etc.) and static memory (e.g., ROM, CD-ROM, etc.) for storing executable instructions that when executed perform the inventive steps described herein to generate privacy ratings for applications. The memory 705 also stores the data associated with or generated by the execution of the inventive steps.

FIG. 8 is a diagram of exemplary components of a mobile terminal (e.g., handset) for communications, which is capable of operating in the system of FIG. 1, according to one embodiment. In some embodiments, mobile terminal 801, or a portion thereof, constitutes a means for performing one or more steps of generating privacy ratings for applications. Generally, a radio receiver is often defined in terms of front-end and back-end characteristics. The front-end of the receiver encompasses all of the Radio Frequency (RF) circuitry whereas the back-end encompasses all of the base-band processing circuitry. As used in this application, the term “circuitry” refers to both: (1) hardware-only implementations (such as implementations in only analog and/or digital circuitry), and (2) to combinations of circuitry and software (and/or firmware) (such as, if applicable to the particular context, to a combination of processor(s), including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions). This definition of “circuitry” applies to all uses of this term in this application, including in any claims. As a further example, as used in this application and if applicable to the particular context, the term “circuitry” would also cover an implementation of merely a processor (or multiple processors) and its (or their) accompanying software/or firmware. The term “circuitry” would also cover if applicable to the particular context, for example, a baseband integrated circuit or applications processor integrated circuit in a mobile phone or a similar integrated circuit in a cellular network device or other network devices.

Pertinent internal components of the telephone include a Main Control Unit (MCU) 803, a Digital Signal Processor (DSP) 805, and a receiver/transmitter unit including a microphone gain control unit and a speaker gain control unit. A main display unit 807 provides a display to the user in support of various applications and mobile terminal functions that perform or support the steps of generating privacy ratings for applications. The display 807 includes display circuitry configured to display at least a portion of a user interface of the mobile terminal (e.g., mobile telephone). Additionally, the display 807 and display circuitry are configured to facilitate user control of at least some functions of the mobile terminal. An audio function circuitry 809 includes a microphone 811 and microphone amplifier that amplifies the speech signal output from the microphone 811. The amplified speech signal output from the microphone 811 is fed to a coder/decoder (CODEC) 813.

A radio section 815 amplifies power and converts frequency in order to communicate with a base station, which is included in a mobile communication system, via antenna 817. The power amplifier (PA) 819 and the transmitter/modulation circuitry are operationally responsive to the MCU 803, with an output from the PA 819 coupled to the duplexer 821 or circulator or antenna switch, as known in the art. The PA 819 also couples to a battery interface and power control unit 820.

In use, a user of mobile terminal 801 speaks into the microphone 811 and his or her voice along with any detected background noise is converted into an analog voltage. The analog voltage is then converted into a digital signal through the Analog to Digital Converter (ADC) 823. The control unit 803 routes the digital signal into the DSP 805 for processing therein, such as speech encoding, channel encoding, encrypting, and interleaving. In one embodiment, the processed voice signals are encoded, by units not separately shown, using a cellular transmission protocol such as enhanced data rates for global evolution (EDGE), general packet radio service (GPRS), global system for mobile communications (GSM), Internet protocol multimedia subsystem (IMS), universal mobile telecommunications system (UMTS), etc., as well as any other suitable wireless medium, e.g., microwave access (WiMAX), Long Term Evolution (LTE) networks, code division multiple access (CDMA), wideband code division multiple access (WCDMA), wireless fidelity (WiFi), satellite, and the like, or any combination thereof.

The encoded signals are then routed to an equalizer 825 for compensation of any frequency-dependent impairments that occur during transmission through the air such as phase and amplitude distortion. After equalizing the bit stream, the modulator 827 combines the signal with a RF signal generated in the RF interface 829. The modulator 827 generates a sine wave by way of frequency or phase modulation. In order to prepare the signal for transmission, an up-converter 831 combines the sine wave output from the modulator 827 with another sine wave generated by a synthesizer 833 to achieve the desired frequency of transmission. The signal is then sent through a PA 819 to increase the signal to an appropriate power level. In practical systems, the PA 819 acts as a variable gain amplifier whose gain is controlled by the DSP 805 from information received from a network base station. The signal is then filtered within the duplexer 821 and optionally sent to an antenna coupler 835 to match impedances to provide maximum power transfer. Finally, the signal is transmitted via antenna 817 to a local base station. An automatic gain control (AGC) can be supplied to control the gain of the final stages of the receiver. The signals may be forwarded from there to a remote telephone which may be another cellular telephone, any other mobile phone or a land-line connected to a Public Switched Telephone Network (PSTN), or other telephony networks.

Voice signals transmitted to the mobile terminal 801 are received via antenna 817 and immediately amplified by a low noise amplifier (LNA) 837. A down-converter 839 lowers the carrier frequency while the demodulator 841 strips away the RF leaving only a digital bit stream. The signal then goes through the equalizer 825 and is processed by the DSP 805. A Digital to Analog Converter (DAC) 843 converts the signal and the resulting output is transmitted to the user through the speaker 845, all under control of a Main Control Unit (MCU) 803 which can be implemented as a Central Processing Unit (CPU).

The MCU 803 receives various signals including input signals from the keyboard 847. The keyboard 847 and/or the MCU 803 in combination with other user input components (e.g., the microphone 811) comprise a user interface circuitry for managing user input. The MCU 803 runs a user interface software to facilitate user control of at least some functions of the mobile terminal 801 to generate privacy ratings for applications. The MCU 803 also delivers a display command and a switch command to the display 807 and to the speech output switching controller, respectively. Further, the MCU 803 exchanges information with the DSP 805 and can access an optionally incorporated SIM card 849 and a memory 851. In addition, the MCU 803 executes various control functions required of the terminal. The DSP 805 may, depending upon the implementation, perform any of a variety of conventional digital processing functions on the voice signals. Additionally, DSP 805 determines the background noise level of the local environment from the signals detected by microphone 811 and sets the gain of microphone 811 to a level selected to compensate for the natural tendency of the user of the mobile terminal 801.

The CODEC 813 includes the ADC 823 and DAC 843. The memory 851 stores various data including call incoming tone data and is capable of storing other data including music data received via, e.g., the global Internet. The software module could reside in RAM memory, flash memory, registers, or any other form of writable storage medium known in the art. The memory device 851 may be, but not limited to, a single memory, CD, DVD, ROM, RAM, EEPROM, optical storage, magnetic disk storage, flash memory storage, or any other non-volatile storage medium capable of storing digital data.

An optionally incorporated SIM card 849 carries, for instance, important information, such as the cellular phone number, the carrier supplying service, subscription details, and security information. The SIM card 849 serves primarily to identify the mobile terminal 801 on a radio network. The card 849 also contains a memory for storing a personal telephone number registry, text messages, and user specific mobile terminal settings.

While the invention has been described in connection with a number of embodiments and implementations, the invention is not so limited but covers various obvious modifications and equivalent arrangements, which fall within the purview of the appended claims. Although features of the invention are expressed in certain combinations among the claims, it is contemplated that these features can be arranged in any combination and order.

1. A method comprising facilitating a processing of and/or processing (1) data and/or (2) information and/or (3) at least one signal, the (1) data and/or (2) information and/or (3) at least one signal based, at least in part, on the following: at least one determination of use information associated with one or more applications executing on one or more devices; and a processing of the use information to determine one or more privacy ratings for the one or more applications.
2. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: at least one determination to generate at least one visual representation of the one or more privacy ratings.
3. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: a grouping of the one or more applications based, at least in part, on the one or more privacy ratings.
4. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: at least one determination of the use information over one or more periods of time; and an updating of the one or more privacy ratings over the one or more periods of time.
5. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: at least one determination of the use information based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices.
6. A method of claim 5, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: a visualization of the one or more privacy ratings that indicates, at least in part, one or more privacy impacts associated with the one or more input sources, the one or more components, the one or more categories of personal information, or a combination thereof.
7. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: a segmentation of the use information according to one or more contexts; and at least one determination of the one or more privacy ratings with respect to the one or more contexts.
8. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: at least one determination of compliance information for the one or more applications based, at least in part, on one or more privacy policies associated with the one or more devices, wherein the one or more privacy ratings are further based, at least in part, on the compliance information.
9. A method of claim 1, wherein the (1) data and/or (2) information and/or (3) at least one signal are further based, at least in part, on the following: a processing of one or more characteristics of (a) at least one target device, (b) one or more environments in which the at least one target device operates, (c) the use information, or (d) a combination thereof to cause, at least in part, a scaling of the one or more privacy ratings for the at least one target device.
10. A method of claim 9, wherein the use information includes, at least in part, one or more data access requests, one or more responses to the one or more data access requests, metadata associated with the one or more responses, or a combination thereof.
11. An apparatus comprising: at least one processor; and at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following, determine use information associated with one or more applications executing on one or more devices; and process and/or facilitate a processing of the use information to determine one or more privacy ratings for the one or more applications.
12. An apparatus of claim 11, wherein the apparatus is further caused to: determine to generate at least one visual representation of the one or more privacy ratings.
13. An apparatus of claim 11, wherein the apparatus is further caused to: cause, at least in part, a grouping of the one or more applications based, at least in part, on the one or more privacy ratings.
14. An apparatus of claim 11, wherein the apparatus is further caused to: determine the use information over one or more periods of time; and cause, at least in part, an updating of the one or more privacy ratings over the one or more periods of time.
15. An apparatus of claim 11, wherein the apparatus is further caused to: determine the use information based, at least in part, on usage data associated with one or more input sources, one or more components, one or more categories of personal information, or a combination thereof associated with the one or more devices.
16. An apparatus of claim 15, wherein the apparatus is further caused to: cause, at least in part, a visualization of the one or more privacy ratings that indicates, at least in part, one or more privacy impacts associated with the one or more input sources, the one or more components, the one or more categories of personal information, or a combination thereof.
17. An apparatus of claim 11, wherein the apparatus is further caused to: cause, at least in part, a segmentation of the use information according to one or more contexts; and determine the one or more privacy ratings with respect to the one or more contexts.
18. An apparatus of claim 11, wherein the apparatus is further caused to: determine compliance information for the one or more applications based, at least in part, on one or more privacy policies associated with the one or more devices, wherein the one or more privacy ratings are further based, at least in part, on the compliance information.
19. An apparatus of claim 11, wherein the apparatus is further caused to: process and/or facilitate a processing of one or more characteristics of (a) at least one target device, (b) one or more environments in which the at least one target device operates, (c) the use information, or (d) a combination thereof to cause, at least in part, a scaling of the one or more privacy ratings for the at least one target device.
20. An apparatus of claim 19, wherein the use information includes, at least in part, one or more data access requests, one or more responses to the one or more data access requests, metadata associated with the one or more responses, or a combination thereof.
21-48. (canceled)